Unable to ping subinterface in ASAv


Post by labrat51 » Wed Sep 07, 2022 7:06 pm

Hello, this setup is on EVE-NG Pro on ESXi and involves Cisco Nexus (9.3.10) and ASAv (9.16(3)19) platforms.

I have the attached diagram and my ASAv config is as follows, for internal-fw1:

Code:

interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.1
 vlan 1
 nameif test1
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface GigabitEthernet0/0.2
 vlan 2
 nameif test2
 security-level 100
 ip address 192.168.2.1 255.255.255.0 
!
interface GigabitEthernet0/0.3
 vlan 3
 nameif test3
 security-level 100
 ip address 192.168.3.1 255.255.255.0 
!
access-list permit_all extended permit ip any any 
access-group permit_all in interface test1
access-group permit_all in interface test2
access-group permit_all in interface test3
!
icmp permit any test1
icmp permit any test2
icmp permit any test3
!

The connected Nexus L3SvcBlock is configured with SVIs (all /24s) and a trunk to internal-fw1:

Code:

l3svcblock1# sh ip int b

IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan1                192.168.1.2     protocol-up/link-up/admin-up       
Vlan2                192.168.2.2     protocol-up/link-up/admin-up       
Vlan3                192.168.3.2     protocol-up/link-up/admin-up 
!
l3svcblock1# sho spanning-tree vlan 1-3 | inc Eth1/3
Eth1/3           Desg FWD 4         128.3    P2p 
Eth1/3           Desg FWD 4         128.3    P2p 
Eth1/3           Desg FWD 4         128.3    P2p 

However, I cannot ping from the switch to the firewall or vice versa, and ARP is not being populated.

ARP on Nexus:

Code:

l3svcblock1# sho ip arp

Flags: * - Adjacencies learnt on non-active FHRP router
       + - Adjacencies synced via CFSoE
       # - Adjacencies Throttled for Glean
       CP - Added via L2RIB, Control plane Adjacencies
       PS - Added via L2RIB, Peer Sync
       RO - Re-Originated Peer Sync Entry
       D - Static Adjacencies attached to down interface

IP ARP Table for context default
Total number of entries: 1
Address         Age       MAC Address     Interface       Flags
192.168.2.1     00:00:04  INCOMPLETE      Vlan2                    
l3svcblock1# 

Any ideas what could be wrong? Are subinterfaces on ASAv in EVE-NG supported?

Thanks


Re: Unable to ping subinterface in ASAv

Post by Uldis (UD) » Thu Sep 08, 2022 7:57 pm

works like charm